Yeah as was said yesterday to Bruno as well focus on the lab version 12.4T has it but not 12.4(15)T
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Kingsley Charles [mailto:[email protected]] Sent: Wednesday, October 13, 2010 4:01 AM To: Tyson Scott Cc: Carlos Jardim; CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] MATCH-ALL keyword Yes Tyson. It's not there in 12.4(15)T13 but I can see it in 15.0(1)M1. So it should have come sometime after 15T. But the lab is based on 12.4(15)T right? With regards Kings On Wed, Oct 13, 2010 at 11:20 AM, Tyson Scott <[email protected]> wrote: Kingsley, It all depends on version R1(config)#class-map type inspect smtp match-all TEST R1(config-cmap)#match ? body ESMTP body cmd ESMTP command verb data-length Specify data transfer length per session header ESMTP header mime ESMTP mime recipient ESMTP recipient reply ESMTP reply sender ESMTP sender R1(config-cmap)#match Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Wednesday, October 13, 2010 1:21 AM To: Carlos Jardim Cc: CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] MATCH-ALL keyword That's because you have only one match criteria for smtp class map.. If you add another "match data-length" that will overwrite the existing one. router1(config)#class-map type inspect smtp match-any king router1(config-cmap)#? Class-map configuration commands: description Class-Map description exit Exit from class-map configuration mode match classification criteria no Negate or set default values of a command rename Rename this class-map router1(config-cmap)#mat router1(config-cmap)#match ? data-length Specify data transfer length per session With regards Kings On Wed, Oct 13, 2010 at 9:15 AM, Carlos Jardim <[email protected]> wrote: All, I am trying the following.. could you guys tell me where my mistake is.. first time I did this lab (Yusuf1) it was ok.. but now I don't understand why it's not working.. parameter-map type regex ABCD pattern [email protected] ! access-list 111 permit ip any any ! class-map type inspect match-all CM_CENTRAL_REMOTE match access-group 111 ! policy-map type inspect central_remote class type inspect CM_CENTRAL_REMOTE inspect class class-default ! (...) ! class-map type inspect match-any HTTP match protocol http ! class-map type inspect match-any OTHER match protocol telnet match protocol ssh ! class-map type inspect match-all CM_ICMP match protocol icmp ! class-map type inspect match-all CM_SMTP match protocol smtp ! ! class-map type inspect http match-any L7CM_HTTP match request port-misuse tunneling ! policy-map type inspect http L7PM_HTTP class type inspect http L7CM_HTTP reset ! ! ! class-map type inspect smtp ? WORD class-map name match-any Logical-OR all matching statements under this classmap ! ! ****** at this point I don't have "MATCH-ALL" keyword available. I just wanted to add another match sentence inside this class-map (match sender address regex ABCD). ******* policy-map type inspect remote_central class type inspect CM_ICMP inspect police rate 20000 burst 2000 class type inspect OTHER inspect class type inspect CM_SMTP inspect class type inspect HTTP inspect service-policy http L7PM_HTTP ! ! ! ****** configuring this class-map with match-any I can't use a second match as expected ****** R5(config-cmap)#class-map type inspect smtp match-any L7CM_SMTP R5(config-cmap)#match ? data-length Specify data transfer length per session ****** data-length appears as the only one option ******* Thanks a lot; Carlos _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
